Infosec Experts Weigh In On Trump's Call For Russians To Hack Clinton Email

Donald Trump—the Republican nominee for President of the United States—was speaking about the controversial email hack of the DNC and the allegations that Russia is possibly behind it. Trump went on live television and said, “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,"--referring to the emails deleted by Hillary Clinton related to her controversial use of a private email server while serving as Secretary of State.

The Trump campaign has worked vigorously to un-ring that bell. First, the official stance was that Trump wasn’t actually inviting the Russians to hack his rival in order to sway the election for his own political gain—he was pleading with them to please share that evidence with the FBI for its investigation into Clinton’s email server. It wasn’t a highly unethical, possibly treasonous call for a foreign nation to hack a candidate running for President of the United States, it was just a concerned citizen trying to make sure the FBI has as much help as it can get.

As of this morning, Trump’s new official position is that it was sarcastic. It was just meant to be funny.

I reached out to experts in information security and data protection to get their thoughts on Trump’s statement and the implications it has.

Ajay Arora, co-founder and CEO of Vera, exclaimed, “I almost fell out of my chair! This is no different than Nixon calling for the Watergate break-in on live TV,” adding, “What trump is calling for is for a foreign government, to give him the ammunition to politically assassinate his rival, in other words, cyber assassination. It's borderline insanity. You just can't write this stuff."

“It’s unprecedented. I suspect many would argue its harmful however it was intended,” shared Dimitri Sirota, founder and CEO of BigID. “Giving the candidate the benefit of the doubt that he did not mean to appeal to a foreign adversary to attack the US and pervert an election (clearly not something you would expect from a Commander-in-chief) it still has the unfortunate effect of chilling the confidence allies will have in sharing intelligence with the US and its candidate. Unpredictability is not a virtue in statesmanship and diplomacy.”

Is it Unethical?

As with most things, Trump’s words and how they’re perceived is open to subjective interpretation. One person’s treason is another one’s patriotism.

Craig Kunitani, COO and CTO of SecurityMentor, explained, “The theft of the Democratic National Committee’s email by a foreign nation state is a crime. And a candidate of the presidency encouraging another country to release stolen private emails from our own citizens or institutions should never be condoned or encouraged. To inspire hackers to release stolen sensitive information is supporting the crime that was already committed and is encouraging further crimes. Furthermore, hacking by a foreign state to influence the outcome of our elections is a threat to the core of our democracy and should not be tolerated.”

“It is incomprehensible to me that a public figure would ever openly encourage these kinds of attacks to be done, for any reason,” proclaimed Nathan Wenzler, Principal Security Architect for AsTech Consulting. “The risks we face as a nation are already great, and this does not, in any way, serve the common good or protect the public trust or the infrastructure we rely on from these kinds of attacks. These statements, even if in jest, are absolutely irresponsible, reckless and completely violate these basic tenets of ethical behavior and trust and ultimately, put our country into the dangerous crosshairs of even more nation-sponsored cyber attackers.”

There are two sides to the story, though, and ethics are often in the eye of the beholder.

Scott
Carlson, Technical Fellow at BeyondTrust, explained, “To me, an ethical action is one that follows the belief system of most people when asked about that specific topic. From reading the recent polls, most Americans would like to see a complete release of the information so that they can judge for themselves whether or not they can believe the Clinton campaign. There is nothing illegal about this, and it is even close to ethical because even though the message might be a bit terse from Trump, it would be construed as ethical by your average person.”

It seems to me that there is still a difference between ethical and “close to ethical”. Wenzler is more direct in his opinion. “Whether or not it is outright illegal, will be for lawyers to determine. However, in my opinion, it is an absolutely unethical, extremely negligent and very dangerous sort of announcement to make publicly.”

Repercussions for Democracy

"We're seeing strategic cyber warfare happening right now, and what you’re seeing is the tactical aspect,” declared Arora. “Imagine if whoever has the data, the Russians or whoever, release more emails a week before the election? This could completely shape the whole geopolitical landscape of the world."

According to Carlson, “The request for the release of the information is likely not illegal in nature, it is likely not unethical in nature, but it is certainly a new tact that a candidate is using to ask foreign governments to help in an election cycle. We are now seeing our global economy impacted by elections, partnerships and relationships impacted by real-time communications, and worldwide governments influencing elections that also benefit them and possibly the world.”

Whether it’s an open invitation from a candidate for President of the United States to a foreign government to hack a political rival, a plea from a concerned citizen for evidence to be shared with the FBI for an ongoing investigation, a joke meant to be sarcastic, or whatever new spin the Trump campaign has put on it in the last hour or two while I’ve been writing, it is reckless and cavalier behavior for someone aspiring to be the most powerful person in the most powerful country in the world.

Joseph Carson, CISSP and Global Director of Strategic Alliances for Thycotic, summed it up nicely. “Strengthening the security and resilience of cyberspace is of the utmost importance to America’s homeland security. No serious candidate for any elected office, especially the office of the President of the United States, should ever encourage foreign hackers to commit internet-based theft. Even in jest.”

I am Senior Manager of Content Marketing for Alert Logic and Editor-in-Chief of TechSpective. I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also ...